Most Security Pros Expect APT Attack in Next Six Months

More than half of IT security professionals think they will be hit by a state-sponsored attack in the next six months, with 48% not confident their staff could spot the presence of a hostile intruder, according to new research.

Security firm Lieberman Software interviewed over 100 attendees at this year’s Black Hat USA conference to get their views on state-sponsored attacks.

However, despite 59% believing they are set to be attacked, the number who have no confidence in their IT department to deal with the threat dropped from 52% last year, indicating that security professionals are slightly more confident in their ability to deflect such attacks.

What’s more, the number who thought the US was “losing the battle against state-sponsored attacks” dropped from 58% in 2013 to just 44% this time around.

Tellingly, the volume of respondents who believe their organizations security products and processes can keep up with new and emerging threats dropped from 57% last year to 41% this year.

On the one hand it could be interpreted as heartening that more security professionals at least have the awareness that current systems are not up to the fight against a determined targeted attack.

Whether they have the resources or inclination to do anything about it, of course, is another matter.

This could also be aligned with the stat that 58% said they could not be confident their network had never been breached by a state-sponsored attacker or APT.

However, Lieberman Software EMEA director, Roy Duckles, warned that if companies “think” they might have been breached, they probably have been.

“The effect of a breach is often silent, in that a company has no way of knowing who has been in their network, for how long and what has been taken,” he told Infosecurity.

The answer is to invest in non-traditional tools such as file integrity management, logging and SIEM to improve detection and give them a clearer view of their risk profile.

“The three structures of IT Security used to be 'prevention', 'detection' and 'remediation'. However, with prevention an almost impossible task due to the very nature of the way IT is used today, it now falls down to 'detection' as the best way to protect systems,” he added.

“Mandiant pointed out that 100% of breaches that it monitored in 2014 had up-to-date anti-virus software, almost ineffective against APTs. This isn’t to say that companies should stop ‘putting the locks on the doors’ with well-designed and effective security perimeter infrastructure, but they should ensure that if prevention fails they have real-time monitoring to alert them to the fact that their security has been compromised.”

What’s Hot on Infosecurity Magazine?